{"vulnerability": "CVE-2023-3858", "sightings": [{"uuid": "00841ef2-5ba2-4791-8749-197a8ccfde4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38587", "type": "seen", "source": "https://t.me/ctinow/170413", "content": "https://ift.tt/rUNl1w0\nCVE-2023-38587", "creation_timestamp": "2024-01-19T21:27:22.000000Z"}, {"uuid": "e7288161-b5e9-45dd-a791-7090d8d42324", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38582", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18743", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-38582\n\ud83d\udd25 CVSS Score: 6.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\ud83d\udd39 Description: \n\n\n\n\n\n\n\n\nPersistent cross-site scripting (XSS) in the web application of MOD3GP-SY-120K allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the field MAIL_RCV. When a legitimate user attempts to access to the vulnerable page of the web application, the XSS payload will be executed.\n\n\n\n\n\n\n\n\n\n\n\ud83d\udccf Published: 2023-09-18T20:04:48.193Z\n\ud83d\udccf Modified: 2025-06-18T14:29:30.087Z\n\ud83d\udd17 References:\n1. https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03", "creation_timestamp": "2025-06-18T14:41:44.000000Z"}, {"uuid": "45c21502-bae2-484a-95a8-a64e89064cb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38587", "type": "seen", "source": "https://t.me/ctinow/185750", "content": "https://ift.tt/C4RUj0a\nCVE-2023-38587 | Intel NUC BIOS input validation (intel-sa-01028)", "creation_timestamp": "2024-02-15T18:23:13.000000Z"}, {"uuid": "90850e18-cb7b-4ddb-8597-7330a7c8e6e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38582", "type": "seen", "source": "https://t.me/cibsecurity/70679", "content": "\u203c CVE-2023-38582 \u203c\n\n** UNSUPPPORTED WHEN ASSIGNED ** Persistent cross-site scripting (XSS) in the web application of MOD3GP-SY-120K allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the field MAIL_RCV. When a legitimate user attempts to access to the vulnerable page of the web application, the XSS payload will be executed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-19T00:28:49.000000Z"}, {"uuid": "6b62974e-2bc4-4fd1-99b5-453662aa4042", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38584", "type": "seen", "source": "https://t.me/cibsecurity/72622", "content": "\u203c CVE-2023-38584 \u203c\n\nIn Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-20T00:34:42.000000Z"}, {"uuid": "e3b30cae-31e5-4b74-8023-10f6e889cf43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3858", "type": "seen", "source": "https://t.me/cibsecurity/67134", "content": "\u203c CVE-2023-3858 \u203c\n\nA vulnerability has been found in phpscriptpoint Car Listing 1.6 and classified as problematic. This vulnerability affects unknown code of the file /search.php. The manipulation of the argument country/state/city leads to cross site scripting. The attack can be initiated remotely. VDB-235210 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-24T07:25:44.000000Z"}, {"uuid": "ea76d41b-86e2-4c1c-9c05-8d49934f134a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38583", "type": "seen", "source": "https://t.me/ctinow/164455", "content": "https://ift.tt/SqTmaZk\nCVE-2023-38583", "creation_timestamp": "2024-01-08T16:32:08.000000Z"}, {"uuid": "640392df-2cf2-4eb0-bc7a-0df307cca74f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38588", "type": "seen", "source": "https://t.me/cibsecurity/69987", "content": "\u203c CVE-2023-38588 \u203c\n\nArcher C3150 firmware versions prior to 'Archer C3150(JP)_V2_230511' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-06T14:17:51.000000Z"}, {"uuid": "1b1d14f7-1090-4927-81a5-5fa5917de155", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38583", "type": "seen", "source": "https://t.me/ctinow/165605", "content": "https://ift.tt/kyWQz3o\nCVE-2023-38583 Exploit", "creation_timestamp": "2024-01-10T08:16:23.000000Z"}]}